From owner-freebsd-isp@FreeBSD.ORG  Mon Apr  7 10:58:16 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4684237B401
	for <freebsd-isp@freebsd.org>; Mon,  7 Apr 2003 10:58:16 -0700 (PDT)
Received: from webmail.emre.de (webmail.emre.de [194.8.203.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1A9B543FA3
	for <freebsd-isp@freebsd.org>; Mon,  7 Apr 2003 10:58:15 -0700 (PDT)
	(envelope-from info@emre.de)
Received: by webmail.emre.de (Postfix, from userid 80)
	id 326413A23C; Mon,  7 Apr 2003 19:58:19 +0200 (CEST)
Received: from 192.168.2.2 ( [192.168.2.2])
	as user emre@webmail.emre.de by webmail.emre.de with HTTP;
	Mon,  7 Apr 2003 19:58:18 +0200
Message-ID: <1049738298.3e91bc3a9a4ca@webmail.emre.de>
Date: Mon,  7 Apr 2003 19:58:18 +0200
From: Emre Bastuz <info@emre.de>
To: freebsd-isp@freebsd.org
References: <3E91A651.2010603@infodev.ca>
In-Reply-To: <3E91A651.2010603@infodev.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.0
X-Originating-IP: 192.168.2.2
Subject: Re: DMZ
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Apr 2003 17:58:16 -0000

Hi Dominic,

Zitat von "D.Pageau" <dpageau@infodev.ca>:
[...]
I believe the best way would be asking your ISP for another
/30 subnet and a static routing entry for 216.1.1.0/28
to the firewall side of the new point-to-point link.

You could then use the full /28 on your DMZ and the
additional IP on rl0 for NATing your RFC1918 address
space on rl2.

If itīs not possible to get another /30 you might configure
the 828 to have a point-to-point link using also private address
space (say 172.16.0.0/30) and still having a static routing entry
to the IP of rl0 on the 828.

Using private address space on PTP links sometimes leads to confusion
though, as this part of your connectivity will not show up on an external
(i.e. another ISP) traceroute.

Itīs a question of taste i believe.

Iīd prefer the first choice if possible (depends much on the "quality" of
your ISP).

Regards,

Emre

-- 
Emre Bastuz
info@emre.de              http://www.emre.de        
UIN: 561260           PGP Key ID: 0xAFAC77FD